Due to our agile development approach it is cost prohibitive to maintain AWS SOC 2, but we do adhere to OWASP Level 1.
The (very) short answer is - no. We adhere to OWASP level 1 and routinely do verification towards it. Given how frequently we release new versions of the software we would be re-certifying against SOC 2 (and ISO) all that time and that would take longer than the releases themselves. If your team needs to chat with anyone at Area9, please contact us.
As we are an agile development group with frequent deploys, we do not hold any continuous certification as we do not audit every deployed version. The technology management team has evaluated the cost/ benefit and decided to only run occasional audits to ensure that the platform has not digressed while maintaining a reasonable workload and an ability to react timely. Area9 and the learning platform adhere to the proper requirements for handling PII, and living up to the GDPR requirements within Europe and North America as a Data Processor on behalf of our customers/partners as Data Controller. Upon internal audit, Area9 can confirm that we are eligible for certification if the business need ever arose. Additionally, we follow OWASP recommendations for hardware and software security configurations.